Contents
1Plain English Summary
We are Achyut Labs Pvt Ltd (doing business as Pratham POS) (ABN 63 674 531 557). We collect personal information to operate our services and run our Partner Program. We don't sell your data. We use it to deliver services, process payments, verify your identity, and communicate with you. You have rights to access and correct your information. If you have concerns, contact us at support@achyutlabs.com.
2Who This Policy Covers
This Privacy Policy applies to all individuals who interact with Pratham, including:
• Customers and prospective customers of Pratham's products and services;
• Partners and prospective partners in the Pratham Partner Program;
• Visitors to our website at prathampos.com;
• Employees, contractors, and job applicants (to a limited extent).
By using our services or submitting a partner application, you agree to the collection and use of information as described in this Policy.
3Information We Collect
| Category | Examples | Purpose |
|---|---|---|
| Identity & Contact | Full name, email address, phone number, business name, ABN, ACN | Identity verification, account creation, communications |
| Financial | Bank account details (BSB, account number, account name), tax file information (GST status) | Commission payouts, RCTI issuance |
| Business Information | Business name, entity type, ABN, GST registration, partner tier | Program eligibility, commission calculation |
| Address | Business address, city, state, postcode | Identity verification, compliance |
| Usage Data | IP address, browser type, pages visited, time on site, referral source | Improving our website and services, analytics |
| Communications | Emails, support tickets, chat logs | Customer support, dispute resolution |
| Electronic Signature | Typed name, date and time of signature | Partner Agreement execution, legal compliance |
4How We Collect Information
We collect personal information:
• Directly from you — when you complete an application form, register an account, contact us, or sign an agreement;
• Automatically — when you use our website or services (via cookies, logs, and analytics tools);
• From third parties — such as identity verification providers, credit bureaus (where permitted), and referral partners;
• From public sources — such as ASIC and ABR for business verification purposes.
5Controller & Processor Roles
Pratham acts as a data controller in relation to personal information collected for its own business purposes (account management, marketing, partner program administration).
Where Pratham processes personal information on behalf of its business customers (e.g., point-of-sale transaction data), Pratham acts as a data processor. Business customers are responsible for ensuring their use of Pratham's platform complies with applicable privacy laws.
6Why We Use Your Information
Service Delivery
To operate our platform, process applications, manage accounts, and provide customer support.
Partner Program Administration
To process partner applications, calculate commissions, issue RCTIs, and manage payout schedules.
Identity Verification
To verify the identity of applicants and comply with AML/CTF obligations.
Legal Compliance
To comply with tax laws, anti-money laundering legislation, court orders, and regulatory requirements.
Communications
To send transactional emails (application status, payment confirmations), product updates, and marketing communications (where you have consented).
Improving Our Services
To analyse usage patterns, identify bugs, and improve the performance and features of our products.
Security
To detect, prevent, and investigate fraud, unauthorised access, and other illegal activities.
7Who We Share Information With
| Recipient | Context | Safeguards |
|---|---|---|
| Payment Processors | To process EFT commission payouts | PCI-DSS compliant, contractual obligations |
| Identity Verification Services | To verify ABN, ACN, and identity documents | Contracted data processors, encrypted transmission |
| Cloud Infrastructure Providers | AWS (Asia Pacific region) for hosting and storage | ISO 27001 certified, data processing agreement in place |
| Analytics Providers | Website usage analytics (e.g., Google Analytics) | Anonymised where possible, data processing agreement |
| Email Service Providers | Sending transactional and marketing emails | Contracted processors, no independent right to use your data |
| Legal & Compliance Advisors | Where required to obtain legal advice or comply with legal obligations | Professional obligations of confidentiality |
| Regulators & Government Agencies | ATO, ASIC, law enforcement (where required by law) | Disclosed only as required by law |
8Data Storage
Your personal information is stored on servers located in Australia (AWS Asia Pacific — Sydney region). We do not transfer personal information outside Australia without your consent or unless required to by law, except where our third-party service providers (as listed in section 7) process data in accordance with their applicable privacy commitments.
9How We Protect Your Information
We implement technical and organisational measures to protect personal information from unauthorised access, disclosure, alteration, and destruction, including:
• Encryption in transit (TLS/SSL) and at rest (AES-256);
• Role-based access controls limiting who can access personal information;
• Multi-factor authentication for staff with access to sensitive systems;
• Regular security assessments and penetration testing;
• Staff training on privacy and security obligations.
No method of transmission or storage is 100% secure. If you believe your information has been compromised, please contact us immediately at support@achyutlabs.com.
10Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Partner Application Data | 7 years after termination | Tax and legal compliance (RCTI records) |
| Commission & Financial Records | 7 years | ATO requirements |
| Electronic Signatures | 7 years after agreement end | Evidence of binding agreement |
| Customer Transaction Data | 7 years | Tax and legal compliance |
| Website Usage Logs | 12 months | Security monitoring |
| Marketing Consent Records | Until withdrawn + 3 years | Spam Act compliance |
11Your Rights
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:
• Access: request a copy of the personal information we hold about you;
• Correction: request correction of inaccurate or incomplete information;
• Complaints: lodge a complaint about our handling of your information;
• Opt-out: unsubscribe from marketing communications at any time.
To exercise these rights, contact us at support@achyutlabs.com. We will respond within 30 days. There is no charge for access requests unless the request is manifestly unreasonable or requires significant resources to fulfil.
If we refuse a request, we will explain our reasons in writing. You may then complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
12Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to:
• Remember your preferences and login session;
• Measure website traffic and usage patterns;
• Provide personalised content and advertisements.
Essential cookies (required for the website to function) cannot be disabled. Analytics and marketing cookies can be managed through your browser settings or our cookie preference centre.
We use Google Analytics with IP anonymisation enabled. You can opt out of Google Analytics tracking at tools.google.com/dlpage/gaoptout.
13Complaints
If you believe we have handled your personal information in breach of the Privacy Act 1988 (Cth), please:
1. Contact us first at support@achyutlabs.com — we will acknowledge your complaint within 3 business days and aim to resolve it within 30 days.
2. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC): oaic.gov.au or 1300 363 992.
14How to Contact Us
Privacy Officer
Achyut Labs Pvt Ltd (doing business as Pratham POS)
Email: support@achyutlabs.com
Web: prathampos.com
For general enquiries: support@achyutlabs.com
For partner enquiries: support@achyutlabs.com
15International Visitors
This Privacy Policy is designed to comply with Australian privacy law. If you are accessing our services from outside Australia, please note that your information may be transferred to and stored in Australia. By using our services, you consent to this transfer.
For visitors from the European Union or United Kingdom, we acknowledge the requirements of the GDPR/UK GDPR. Where we act as a data controller for EU/UK residents, we rely on the following lawful bases: (a) contract performance (processing necessary to fulfil our agreement with you); (b) legal obligation; (c) legitimate interests. You may contact support@achyutlabs.com to exercise your GDPR rights.
Policy Updates
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of our services after the effective date of a revision constitutes acceptance of the updated Policy.
Last updated: 1 January 2025 · Questions? Email support@achyutlabs.com